package com.qf.eureka.config;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * @Author: 一一哥
 * @Blame: yyg
 * @Since: Created in 2021/2/2
 * @Description: $cursor$
 */
//@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     *  可以进行类似于shiro中的设置,/index.html= anon
     *  该方法主要是用来对项目的某些资源进行拦截配置.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
       http.csrf()
               //禁用掉csrf跨站访问攻击
               .disable()
               //对/eureka/**所有的请求的直接放行
               .authorizeRequests()
               .mvcMatchers("/eureka/**")
               .permitAll()
               .mvcMatchers("/actuator/**")
               .permitAll()
               //对其余的请求,进行认证拦截
               .anyRequest()
               .authenticated()
               .and()
               //以上配置,主要是针对Http basic请求有效.
               .httpBasic();
    }

}
